#UK Home Secretary: #MI5 committed serious safeguard breaches with interception warrants -- Puppet Masters -- Sott.net
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. [https://en.wikipedia.org/wiki
It's 2016 going on 1984.
The UK has just passed a massive expansion in surveillance powers, which critics have called "terrifying" and "dangerous".
The new law, dubbed the "snoopers' charter", was introduced by then-home secretary Theresa May in 2012, and took two attempts to get passed into law following breakdowns in the previous coalition government.
But civil liberties groups have long criticized the bill, with some arguing that the law will let the UK government "document everything we do online".
It's no wonder, because it basically does.
The law will force internet providers to record every internet customer's top-level web history in real-time for up to a year, which can be accessed by numerous government departments; force companies to decrypt data on demand -- though the government has never been that clear on exactly how it forces foreign firms to do that that; and even disclose any new security features in products before they launch.
Not only that, the law also gives the intelligence agencies the power to hack into computers and devices of citizens (known as equipment interference), although some protected professions -- such as journalists and medical staff -- are layered with marginally better protections.
In other words, it's the "most extreme surveillance law ever passed in a democracy," according to Jim Killock, director of the Open Rights Group.
The bill was opposed by representatives of the United Nations, all major UK and many leading global privacy and rights groups, and a host of Silicon Valley tech companies alike. Even the parliamentary committee tasked with scrutinizing the bill called some of its provisions "vague".
There are some safeguards, however, such as a "double lock" system so that the secretary of state and an independent judicial commissioner must agree on a decision to carry out search warrants (though one member of the House of Lords disputed that claim).
A new investigatory powers commissioner will also oversee the use of the powers.
Despite the uproar, the government's opposition failed to scrutinize any significant amendments and abstained from the final vote. Killock said recently that the opposition Labour party spent its time "simply failing to hold the government to account".
But the government has downplayed much of the controversy surrounding the bill. The government has consistently argued that the bill isn't drastically new, but instead reworks the old and outdated Regulation of Investigatory Powers Act (RIPA). This was brought into law in 2000, to "legitimize" new powers that were conducted or ruled on in secret, like collecting data in bulk and hacking into networks, which was revealed during the Edward Snowden affair.
Much of those activities were only possible thanks to litigation by one advocacy group, Privacy International, which helped push these secret practices into the public domain while forcing the government to scramble to explain why these practices were legal.
The law will be ratified by royal assent in the coming weeks.
ZDNET INVESTIGATIONSMore security news Is encrypted e-mail a must in the Trump presidential era? - Britain has passed the 'most extreme surveillance law ever passed in a democracy' - New York DA vs Apple encryption: 'We need new federal law to unlock 400 seized iPhones' - Google's request for map of Korea denied
The Snooper's Charter passed into law this week – say goodbye to your privacy
Silkie Carlo is the policy officer at Liberty
The United Nations has passed a non-binding resolution condemning the disruption of Internet access as a human rights violation.
Russia and China were among countries opposing the resolution, which reaffirms the stance of the UN Human Rights Council that “the same rights people have offline must also be protected online.”
Saudi Arabia joined the two nations in their objections. But in addition to authoritarian regimes, democracies such as India and South Africa also disagreed and called for the deletion of the following passage:
“Condemns unequivocally measures to intentionally prevent or disrupt access to or dissemination of information online in violation of international human rights law and calls on all States to refrain from and cease such measures.”
While not legally enforceable, a resolution such as this can help put pressure on governments and add weight to the arguments of digital rights groups.
Digital rights site Access Now’s Global Policy and Legal Counsel representative, Peter Micek, enlarged on this.
“This unanimous statement by the world’s highest human rights body should give governments pause before they order blocking, throttling, and other barriers to information.”
Such throttling was witnessed in Turkey following the June 2016 attack on Istanbul’s Ataturk Airport, when social media sites were suppressed.
Access Now says at least 15 Internet shutdowns took place worldwide in 2015. So far in 2016, at least 20 shutdowns are known to have been put into place.
A major row between the political parties is brewing over demands by David Cameron and the intelligence services for even more surveillance powers in the wake of the terrorist atrocities in Paris last week.
David Cameron has promised new legislation so that terrorists no longer have “safe spaces” to communicate.
Pointing out that in the old days, intelligence agencies were able to open letters and eavesdrop on phone calls, the PM asked in a speech yesterday: “In our country, do we want to allow a means of communication between people which […] we cannot read?”
But today deputy PM Nick Clegg said such a response would be disproportionate and would “cross a line”.
The issue centres on the fact that technology is changing so fast that the laws on which security officials rely to give them access to communications are becoming obsolete almost as soon as they are written.
Here the Bureau explains why new legislation passed last summer is said to be already inadequate to keep Britons safe, what the government could do next and why the public debate must take account of GCHQ’s most realistic option – hacking.
What are the problems?
The Data Retention and Investigatory Powers Act (DRIPA) was only passed last summer, having been fast-tracked through Parliament.
The new law extended the reach of the Regulation of Investigatory Powers Act (RIPA) which gives authorities interception powers.
Under DRIPA telecoms companies can also be required to keep billing data – information on who contacts whom, when and for how long on mobile networks but not the content of these messages – for up to 12 months and allow security officials to access it on production of a warrant.
This “meta-data” held by the companies is helpful in identifying associates of known terrorists or criminals. Law enforcement and security officials can use evidence of contact between parties to justify directly surveilling individuals and accessing the content of their communications.
But the law is already said to be becoming obsolete.
There are three main reasons for this:
1) People aren’t calling each other over mobile networks as often as they used to
Terrorists and serious criminals, like the general public, are using the internet to communicate instead, speaking to each other via social media sites, instant messaging services – including those provided by online games – and chat rooms.
Billing data doesn’t capture these exchanges.
Intelligence agencies are increasingly finding that even when they have located the particular messages they want, the content is encrypted.
3) The data isn’t collected by UK telcos
Companies operating fixed line and mobile infrastructure such as BT and Vodafone may simply transport data to and from another company – such as Facebook or Twitter – to the customer with little or no data retained about the communication.
4) Some of the communications the spies want access to are held by service providers that are not based in the UK
Under DRIPA, interception warrants issued by UK authorities can be applied to overseas firms. As Liberty pointed out, the UK’s Home Secretary could serve Gmail with a warrant in California, requiring it to intercept all communications between subscribers in two specified countries or all communications leaving or entering the UK.
However many legal experts have questioned the validity of this extra-territorial effect, not least because the legislation could require companies to breach their own nation’s laws in complying with a UK warrant – a warrant whose existence they could not reveal without breaking UK law.
A recent Telegraph report quoted an anonymous security official complaining that these companies would not assist GCHQ enquires by passing on evidence about serious criminals unless there was an imminent threat of harm.
What can be done about it?
1) Get heavy with the tech companies
Media reports have suggested Whatsapp, Snapcat and Apple’s iMessage, which offer an encrypted instant messaging services could be banned from the UK.
Companies that offer encrypted email services could also be banned or required to hand over their encryption “keys”, either to the security services or to network operators.
Operators could then be required by law to decrypt the data.
As Privacy International points out, proposals to outlaw encrypted communications “not only threaten the very rights they’re said to be designed to protect, but begin from a fundamentally flawed premise – that such measures are even possible.”
It added: “The UK simply can not command foreign manufacturers and providers of services such as Whatsapp to modify their services to accommodate the desires of British spies.”
Any attempted move in this direction would antagonise some very powerful opponents – Google, for example, which recently proposed that websites that do not encrypt their traffic be marked as “insecure” by default.
The company is a major advocate for “end-to-end encryption“, which encrypts data leaving a user’s browser until it is decrypted by the recipient. The tech giant has previously publicly announced support for anti-surveillance campaigners.
In 2010 the Indian government threatened to ban Blackberry for refusing to allow the country’s security officials access to its messages. The dispute ran for several years before ending in a compromise, with the company agreeing to allow more limited access – to meta-data – than had originally been requested.
A battle between the UK and Google or Apple would be a different matter altogether.
2) Revival of the “Snoopers’ Charter”
The Conservatives are pushing for a revival of the Communications Data draft Bill, known as the “Snoopers’ Charter”, which was abandoned in 2013 after opposition from the Liberal Democrats.
This would have required all internet service providers to retain, for 12 months, in a common format data on their customers’ communications via the internet as well as via the mobile networks.
Data stored would include visits to websites and social media activities.
These databases could then be searched by a Government data-mining device called a “request filter”.
As well as major concerns about the threat to privacy this would entail, it is questionable whether the national security benefits would justify the expense of building and maintaining the data storage centers necessary to retain this huge amount of information, particularly if the encryption problem has not been solved.
Companies that have no commercial imperative to collect the information would have to be compensated if they were compelled to do so. The bill could run into hundreds of millions of pounds given the volume and complexity of data involved.
The third prong in the intelligence agencies’ communications surveillance trident is its ability to break encryption by hacking.
GCHQ’s capabilities in this and any other regard are never discussed officially as a matter of policy.
But without understanding this capability – and how, if at all, it is constrained by the law – it is difficult to know just how hampered the security services are.
Documents leaked in 2013 by National Security Agency (NSA) whistleblower Edward Snowden revealed that US and UK intelligence agencies have been pouring their efforts into cracking encryption codes for many years.
A Guardian report that year quoted a 2010 NSA presentation as stating that “for the past decade, NSA has led an aggressive, multipronged effort to break widely used internet encryption technologies.”
A more recent report in German newspaper Der Spiegel based on a set of Snowden files dated 2012 showed that the NSA considered monitoring Facebook chat “a minor task”. On the other hand a protocol called Off-the-Record (OTR) for encrypting instant messaging seemed to be causing the NSA major problems.
Facebook has improved its security since 2012 but it’s likely that intelligence agencies’ hacking powers have improved in tandem.
GCHQ hacking may also explain why the government wants companies to store data that is currently unreadable due to encryption.
As yet another Snowden file says: “Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
Once an encrypted system has been hacked into, intelligence agencies can re-examine stored data to find information that was previously hidden – a powerful motive for retaining data.
The Snowden documents also revealed that NSA and its “Five Eyes” partners including the UK had adopted covert measures to ensure control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”.
Through covert partnerships with internet service providers and tech companies, the agencies had also inserted secret vulnerabilities known as backdoors into commercial encryption software.
“These design changes make the systems in question exploitable … to the consumer and other adversaries, however, the systems’ security remains intact,” one document says.
Since this was made public, the companies concerned may have become less willing to enter into these collaborations.
Related story: Thatcher and Blair Cabinet Secretary: Intelligence committee has “helped” public by confirming GCHQ’s internet tap “Tempora” powers
see more links - #spycops etc: